Publication number | US7921148 B2 |
Publication type | Grant |
Application number | US 11/501,305 |
Publication date | Apr 5, 2011 |
Filing date | Aug 9, 2006 |
Priority date | Aug 9, 2006 |
Fee status | Paid |
Also published as | DE102007037363A1, US8135767, US20080040414, US20080126456 |
Publication number | 11501305, 501305, US 7921148 B2, US 7921148B2, US-B2-7921148, US7921148 B2, US7921148B2 |
Inventors | Thomas Kuenemund |
Original Assignee | Infineon Technologies Ag |
Export Citation | BiBTeX, EndNote, RefMan |
Patent Citations (11), Non-Patent Citations (1), Referenced by (3), Classifications (9), Legal Events (2) | |
External Links: USPTO, USPTO Assignment, Espacenet | |
The present invention relates generally to processors and controllers and standard cells for arithmetic logic units (ALUs) in such processors and controllers.
A standard cell for ALUs in microcontrollers may be implemented using a semi-custom design style. Chip card controllers have to meet high requirements in terms of resistance to invasive probing and/or non-invasive differential power analysis (DPA) of security-critical information. One prior art device uses bitwise XOR masking of all data using time-variant masks, so-called “one-time pad (OTP)” masks.
co _{—} n=
s_n=
The mirror adder thus logically combines the two operand bits a and b and the carry-in bit ci in order to obtain the inverted carry-out bit co_n and the inverted sum bit s_n. In a standard-cell implementation of the mirror adder, co_n and s_n are usually additionally inverted by two inverters so that then the outputs of the mirror adder cell are usually the carry bit co and the sum bit s.
When output signals produced by a conventional full adder are supplied with masked input data, the equations
y=a·b+b·c+c·a (3)
z=a⊕b⊕c (4)
are transformed under the “masking operation”, that is, the XOR combination
{circumflex over (x)}=x⊕k (5)
of x=a, b and c with an OTP bit k.
One then obtains â·{circumflex over (b)}+{circumflex over (b)}·ĉ+ĉ·â=(a·b+b·c+c·a)⊕k=y⊕k=ŷ and â⊕{circumflex over (b)}⊕ĉ=a⊕b⊕c⊕k=z⊕k={circumflex over (z)}. The “full adder equations” are form-invariant (covariant) under the “masking operation”: from input data masked with k, the full adder computes output data which is also obtained when output data from unmasked input data is masked with k.
The present invention will be described with respect to a preferred embodiment, in which:
Attempts to implement OTP masks using conventional standard cells have led to unacceptable values for the computing speed and energy expenditure. Because of this, commercial implementation of OTP-masked computation has been difficult.
One embodiment of the present invention provides a cell for an arithmetic logic unit comprising:
A further embodiment of the present invention provides control circuitry for an ALU cell comprising:
A further embodiment of the present invention also provides control circuitry for an ALU cell comprising:
In a further embodiment, the present invention provides a masked ALU cell comprising:
The present invention also provides a method for logically combining two inputs in a masked ALU cell comprising:
The present invention provides a mirror adder, control circuitry and methods suited especially well for standard cell implementation. The ALU cell of the present invention not only provides the arithmetic function of (one-bit) addition of two binary numbers (the two operands), but also is programmable by suitable control signals so as to perform logical operations, namely bitwise NAND, NOR or XOR operations, on the two operands. When suitably inverting the operands or the result, it is then possible to implement any possible bitwise logical operations as well as arithmetic operations. Moreover, all these operations are intended to be performed such that all data (operands, carries (carry-ins/carry-outs), and results) are XOR-masked using time-variant OTP masks.
Compared to an OTP implementation using conventional standard cells, this means significantly (several hundred percent) higher computing speeds and significantly lower energy expenditure.
From this, it follows that the relationship between co*_n and a*, b* and ci* in
co* _{—} n=
and, secondly, that the equation for s*_n in
s*_n=
if it holds that xe1=xe0=ci*,
and, respectively,
s* _{—} n=
for xe1=1, xe0=0
Other values for xe1 and xe0 are not needed in this embodiment.
With the definition
y*=y⊕k_{p}, (9)
(where k_{p }denotes the mask bit for bit position p) for masked data, it follows from the covariance of the full adder equations under the masking operation, first of all, that the circuit specified in
As for the inverted sum bit s*_n, i.e., the equations (7) and (8), (7) represents the conventional (covariant) full adder equation for the inverted sum bit if ci* denotes the carry bit masked with k_{p }of bit position p-1.
However, if it is provided that the carry-in bit ci* for bit position p is equal to mask bit k_{p }or to its inverse
s*_n=
for ci*=k_{p}, and, respectively,
for ci*=
Alternatively to equation (7), or to the ADD, XOR and XNOR operations, as described above, the operations NAND and NOR can be implemented by (8). To this end, in addition to the conditions xe1=1, xe0=0 for the validity of (8), it should again be provided that the carry-in bit ci* for bit position p is equal to mask bit k_{p }or to its inverse
for ci*=k_{p}, and, respectively,
for ci*=
The table of
In this regard, it should further be noted that the combinations of control signals m3, m2, m1 (0, 0, 1 and 0, 1, 1 and 1, 1, 1), which are not listed in the above table, are excluded by an external control logic, because otherwise the resulting expressions for the output data of the ALU cell of the present invention would be useless for arithmetic-logic purposes.
All circuit elements included
Cited Patent | Filing date | Publication date | Applicant | Title | |
---|---|---|---|---|---|
US4893267 * | Nov 1, 1988 | Jan 9, 1990 | Motorola, Inc. | Method and apparatus for a data processor to support multi-mode, multi-precision integer arithmetic | |
US5555428 * | Mar 10, 1995 | Sep 10, 1996 | Hughes Aircraft Company | Activity masking with mask context of SIMD processors | |
US6295606 * | Jul 26, 1999 | Sep 25, 2001 | Motorola, Inc. | Method and apparatus for preventing information leakage attacks on a microelectronic assembly | |
US6476634 * | Feb 1, 2002 | Nov 5, 2002 | Xilinx, Inc. | ALU implementation in single PLD logic cell | |
US6973551 * | Dec 30, 2002 | Dec 6, 2005 | Emc Corporation | Data storage system having atomic memory operation | |
US6995555 | Apr 26, 2002 | Feb 7, 2006 | Infineon Technologies Ag | Apparatus and method for determining a current through a power semiconductor component | |
US7034559 | Feb 17, 2004 | Apr 25, 2006 | Infineon Technologies Ag | Integrated test circuit in an integrated circuit | |
US20020103839 * | Jan 18, 2002 | Aug 1, 2002 | Kunihiko Ozawa | Reconfigurable arithmetic device and arithmetic system including that arithmetic device and address generation device and interleave device applicable to arithmetic system | |
US20050036618 * | Jul 16, 2004 | Feb 17, 2005 | Infineon Technologies Ag | Calculating unit and method for performing an arithmetic operation with encrypted operands | |
DE1008033B1 | Title not available | ||||
DE10201449C1 | Jan 16, 2002 | Aug 14, 2003 | Infineon Technologies Ag | Rechenwerk, Verfahren zum Ausführen einer Operation mit einem verschlüsselten Operanden, Carry-Select-Addierer und Kryptographieprozessor |
Reference | ||
---|---|---|
1 | * | Author: August; Title: "Lecture 8: Control"; Date: 2004/Fall; URL: http://www.cs.princeton.edu/courses/archive/fall04/cos471/lectures/08-Control.pdf. |
Citing Patent | Filing date | Publication date | Applicant | Title |
---|---|---|---|---|
US8135767 * | Aug 8, 2007 | Mar 13, 2012 | Thomas Kuenemund | Standard cell for arithmetic logic unit and chip card controller |
US20080040414 * | Aug 8, 2007 | Feb 14, 2008 | Infineon Technologies Ag | Standard cell for arithmetic logic unit and chip card controller |
US20100281092 * | Apr 30, 2010 | Nov 4, 2010 | Thomas Kuenemund | Standard cell for arithmetic logic unit and chip card controller |
U.S. Classification | 708/490, 708/230, 708/232, 708/231, 708/236 |
International Classification | G06F7/38 |
Cooperative Classification | G06F7/764, G06F7/5016 |
European Classification | G06F7/501D |
Date | Code | Event | Description |
---|---|---|---|
Aug 9, 2006 | AS | Assignment | Owner name: INFINEON TECHNOLOGIES AG, GERMANY Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:KUENEMUND, THOMAS;REEL/FRAME:018175/0933 Effective date: 20060809 |
Sep 25, 2014 | FPAY | Fee payment | Year of fee payment: 4 |